How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?

Question

I'm new to securing a server so I don't really know much about this but I need to get my Spring Boot Application that is running on a Digital Ocean Droplet to use HTTPS.

My idea is to register a letsencrypt certificate and then tell Spring to use that.

However, I have no idea how to do that.

Thanks.

Recommended answer

I wrote 2 blog posts about Let's Encrypt and Spring Boot.

  1. Issuing a certificate. Spring Boot Application Secured by Let’s Encrypt Certificate
  2. Renewing a certificate. Let’s Encrypt Certificate Renewal: for Spring Boot

In short, the steps are as follows:

  1. Pulling the Let's Encrypt client (certbot).
  2. Generating a certificate for your domain (e.g. example.com)

./certbot-auto certonly -a standalone -d example.com -d www.example.com

Things are generated in /etc/letsencrypt/live/example.com. Spring Boot expects a PKCS#12-formatted file. This means that you must convert the keys to a PKCS#12 keystore (e.g. using OpenSSL), as follows:

  1. Open /etc/letsencrypt/live/example.com directory.
  2. openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root

The file keystore.p12 with PKCS12 is now generated in /etc/letsencrypt/live/example.com.

It's time to configure your Spring Boot application. Open the application.properties file and put the following properties there:

server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

Read my blog post for further details and remarks.
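
The PKCS#12 conversion described in the answer has to be repeated each time the certificate is renewed. The following is an added example, not code from the original answer or its blog posts: a shell function that rebuilds keystore.p12 from the certbot directory with owner-only permissions and reads it back before replacing the live file. The function name, the password file and the KEYSTORE_PASSWORD_FILE variable are assumptions.

```shell
#!/bin/sh
# Added example: rebuild keystore.p12 from a certbot lineage directory.
# Assumed names (not from the answer): build_keystore, KEYSTORE_PASSWORD_FILE.

# build_keystore LINEAGE_DIR PASSWORD_FILE [ALIAS]
# Writes LINEAGE_DIR/keystore.p12 atomically; returns non-zero on any failure.
build_keystore() {
    lineage=$1
    pwfile=$2
    alias_name=${3:-tomcat}          # must match server.ssl.keyAlias
    out="$lineage/keystore.p12"

    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2; return 1; }
    [ -s "$pwfile" ] || { echo "empty or missing password file" >&2; return 1; }

    # The keystore holds the private key: create it readable by the owner only.
    old_umask=$(umask); umask 077
    tmp=$(mktemp "$lineage/keystore.p12.XXXXXX") || { umask "$old_umask"; return 1; }

    # -passout file: keeps the password out of the process list and shell history.
    # fullchain.pem already carries the intermediate certificates.
    # The second command reads the new file back with the same password.
    if openssl pkcs12 -export -in "$lineage/fullchain.pem" \
            -inkey "$lineage/privkey.pem" -name "$alias_name" \
            -passout "file:$pwfile" -out "$tmp" &&
       openssl pkcs12 -in "$tmp" -passin "file:$pwfile" -nokeys >/dev/null 2>&1
    then
        mv -f "$tmp" "$out"; rc=$?   # replace the live keystore in one step
    else
        rm -f "$tmp"; rc=1
    fi
    umask "$old_umask"
    return $rc
}

# certbot exports RENEWED_LINEAGE to deploy hooks; nothing runs without it.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_keystore "$RENEWED_LINEAGE" \
        "${KEYSTORE_PASSWORD_FILE:?set to the path of the password file}"
fi
```

The password file should contain the same value as server.ssl.key-store-password and be readable only by the account that runs the hook.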
